Infosec – what is it and why is it important?
At Tide, we take maintaining your data security very seriously. This practice is known as information security, or infosec for short. Infosec involves protecting information, as well as information processing systems, from unauthorised access, use, modification, or destruction. There’s good reason to take it seriously too – a recent Lloyd’s of London study estimates that cyber attacks cost businesses around the world a staggering $400 billion every year!
In this blog post, we will detail some of the techniques and practices that businesses of different sizes often implement to protect both their own information and their information processing systems. We’ll first highlight some quick and easy methods that can really boost a company’s security posture (we like to call them quick wins!), before looking at some more advanced options for those really looking to go the extra mile. We’ll also share some details on how we keep your information safe here at Tide.
Please note that all the information contained in this post is provided for informational purposes only. It should not be considered as expert advice on any subject matter. You should not act, nor refrain from acting on the basis of the content provided in this post without first seeking professional advice.
Quick and easy solutions for every business
Let’s start with the quick wins!
Video conferencing security tools
In recent months, many of us have swapped the office for a home office – at least temporarily. This means you’re probably using video conferencing software a lot more than you used to. But did you know you could potentially be exposing your private calls to the ears of unwanted listeners and therefore risking your company information being stolen? Make the most of the free security features on offer by adding password protection to your meetings, and enabling waiting rooms so that you can choose who to admit before they’re able to join. Most video conferencing software also lets you lock meeting rooms to prevent more people from joining, and gives you the ability to manually remove people as required (as exquisitely demonstrated by Jackie Weaver of Handforth Parish Council!).
Passwords and password managers
You probably have a great many passwords to remember in both your work and personal life. It’s therefore likely that you may resort to using simpler passwords or reusing passwords to make your life easier. Add in the extra complication of shared passwords and shared accounts and you have the perfect recipe for a serious security threat! Remember, the simpler the password you use, the easier it is for cyber attackers to gain access to your systems and data. If you want to avoid ridiculously long passwords that contain every special character under the sun, you could try using 4 random words to help create a stronger password that’s still relatively easy to remember.
However, for higher-risk systems and for those seeking the best security, password managers and their use of random-symbol passwords are likely to be the safest option. They’re also better if you’d prefer not to have to try and remember all of the passwords you use, because password managers offer a simple and convenient way to store them all. They vary from provider to provider, with some providing useful extra features such as a single sign-on (SSO) service, but they generally all store and remember your passwords in one place. This means you can use as many different passwords as you need and still only need to remember one password to access them. Keep in mind, though, that if someone manages to gain access to your password manager, they’d gain access to every password you’ve saved!
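To put numbers on the trade-off between four random words and a password manager's random-symbol passwords, here is an added example (not part of the original post). The short word list is constructed for the demo, and the 7776-word figure used in the comparison is the size of the public Diceware list, taken here as an assumption about what a real list looks like.

```python
import math
import secrets
import string

# Constructed demo list. A real word list needs thousands of entries.
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "ember", "fiddle", "garnet",
    "harbour", "ivory", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchid", "pebble",
]

# Letters, digits and punctuation: the 94 printable ASCII symbols.
SYMBOLS = string.ascii_letters + string.digits + string.punctuation


def random_words(wordlist, count=4, sep="-"):
    """Pick `count` words with the OS random source (not the `random` module)."""
    return sep.join(secrets.choice(wordlist) for _ in range(count))


def random_symbols(length=16, alphabet=SYMBOLS):
    """The kind of password a password manager generates."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def words_needed(target_bits, wordlist_size):
    """How many random words it takes to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print(random_words(SAMPLE_WORDS), "-", entropy_bits(len(SAMPLE_WORDS), 4), "bits")
    print("4 words from 7776:", round(entropy_bits(7776, 4), 1), "bits")
    print(random_symbols(), "-", round(entropy_bits(len(SYMBOLS), 16), 1), "bits")
    print("words to match 16 symbols:", words_needed(entropy_bits(94, 16), 7776))
```

The strength of a word-based password comes from the size of the list and from picking at random, so four words chosen by hand or from a tiny list are far weaker than the figures above suggest.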
Multi-Factor Authentication (also called Two-Factor Authentication or 2FA) can add an extra layer of security beyond using passwords alone. After you enter your password, you’re sent an email, text message or push notification and asked to input a unique code. The aim of this is to ensure that, even if your password is compromised, you will still have protection. The National Cyber Security Centre (NCSC) has some great guides on Password Managers and Multi-Factor Authentication if you want to find out more.
Regardless of how careful you are, sometimes data and information can be stolen or become corrupted, whether this is due to cyber attacks, hardware failures, or events outside of your control such as floods and fires. Failing to back up your company’s data and customer information could mean you lose everything if something like this happens. Backing up your data is a great habit to get into to avoid these troubles. It involves periodically saving your data and information separately from your computer, usually on an external hard drive or flash drive. Ensuring backups are not connected to the internet can also help to keep the data and information safe from cyber attacks. Cloud storage is also an option for backing up your data, and the NCSC has a great guide on getting started. If you need to back up personally identifiable information, don’t forget to take into consideration your legal obligations associated with the protection of personal data, particularly the rules on transfers of personal data to foreign jurisdictions.
Malicious software, also known as malware, can slow your systems down, prevent your legitimate software from working properly, steal your data and even take control of your systems entirely. Antivirus software on your company’s computers is a good way to help prevent this: it runs in the background and helps to spot and remove malware you inadvertently install. You can limit the amount of malware your computer is exposed to by keeping your software, especially your operating system and internet browser, as up to date as possible. Being careful about the websites you visit and the things you download will also help ensure you don’t accidentally download malware.
‘Phishing’ is a very common form of cyber attack which involves a hacker impersonating a real company or person, and nowadays these attacks can often be quite sophisticated and difficult to spot. They take many forms, but their goal is to get you to share sensitive information such as login credentials, credit card information or bank account details. It’s good practice to always make sure you double check URLs, email senders and domain names (even if you think you know who it’s from!), and don’t click on any links or attachments from senders that you don’t recognise. Be especially wary of compressed or executable file types like .zip or .exe.
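The double-check of URLs, senders and domain names described above can be written down as a small rule set. This is an added example, not part of the original post: `bank.example` and every address and link in it are constructed placeholders, and the trusted list stands in for the organisations you actually deal with.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

RISKY_EXTENSIONS = (".zip", ".exe")  # the file types the post says to be wary of
TRUSTED = {"bank.example"}           # assumption: domains you already deal with


def belongs_to(host, domain):
    """True only when host is the trusted domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url, trusted=TRUSTED):
    """Return reasons a link deserves a second look (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    # A trusted name at the START of a longer host proves nothing: the
    # right-hand end of the hostname decides who controls the site.
    if not any(belongs_to(host, d) for d in trusted):
        reasons.append("host is not a trusted domain: " + (host or "<none>"))
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (may render as look-alike characters)")
    if parts.path.lower().endswith(RISKY_EXTENSIONS):
        reasons.append("link points at a compressed or executable file")
    return reasons


def check_sender(from_header, trusted=TRUSTED):
    """Judge the sender by the address domain, never by the display name."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if any(belongs_to(domain, d) for d in trusted):
        return []
    return [f"display name {display!r} but address domain is {domain or '<none>'}"]


if __name__ == "__main__":
    # Constructed samples.
    for link in ("https://www.bank.example/login",
                 "https://bank.example.account-verify.example/login",
                 "https://files.bank.example/invoice.ZIP"):
        print(link, "->", check_link(link) or "no findings")
    print(check_sender('"Bank Support" <help@bank.example.mail-alerts.example>'))
```

An empty result only means none of these rules fired; it does not prove that a message is genuine.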
If you haven’t already, make sure you check out our other security blog posts, such as our posts on prevalent scams and fraud typologies, to help make sure you know how to spot something dodgy before it ends up costing you!
We hope you’ve found this post helpful, and if you haven’t already put some of the above into practice, we hope we’ve inspired you to look into doing so!
Photo by cottonbro, published on Pexels